Netgate Discussion Forum

    VPN Bridge Works in Windows but not in Linux!

      djackson

      Please Help!

      I have set up an OpenVPN bridge and it works great in Windows (XP, Vista, Win7), but keeps giving me an error in Linux. Any ideas?

      Server Conf

      dev ovpns1
      dev-type tap
      dev-node /dev/tap1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local 74.91.109.99
      engine cryptodev
      tls-server
      mode server
      username-as-common-name
      auth-user-pass-verify /var/etc/openvpn/server1.php via-env
      tls-verify /var/etc/openvpn/server1.tls-verify.php
      lport 1194
      management /var/etc/openvpn/server1.sock unix
      max-clients 25
      push "dhcp-option DNS 172.28.0.1"
      push "dhcp-option DNS 172.28.6.13"
      push "redirect-gateway def1"
      client-to-client
      ca /var/etc/openvpn/server1.ca
      cert /var/etc/openvpn/server1.cert
      key /var/etc/openvpn/server1.key
      dh /etc/dh-parameters.1024
      crl-verify /var/etc/openvpn/server1.crl-verify
      tls-auth /var/etc/openvpn/server1.tls-auth 0
      comp-lzo
      persist-remote-ip
      float

      Server ifconfig -a

      re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
              options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
              ether 38:60:77:c5:de:51
              inet 74.91.109.99 netmask 0xfffffffc broadcast 74.91.109.100
              inet6 fe80::3a60:77ff:fec5:de51%re0 prefixlen 64 scopeid 0x1
              nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
              media: Ethernet autoselect (100baseTX <full-duplex>)
              status: active
      em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
              options=2098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
              ether 00:1b:21:b0:86:15
              inet 172.28.0.1 netmask 0xffff0000 broadcast 172.28.255.255
              inet6 fe80::21b:21ff:feb0:8615%em0 prefixlen 64 scopeid 0x2
              inet 172.28.6.13 netmask 0xffffffff broadcast 172.28.6.13
              inet 172.28.6.14 netmask 0xffffffff broadcast 172.28.6.14
              nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
              media: Ethernet autoselect (1000baseT <full-duplex>)
              status: active
      lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
              options=3<RXCSUM,TXCSUM>
              inet 127.0.0.1 netmask 0xff000000
              inet6 ::1 prefixlen 128
              inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
              nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
      pfsync0: flags=0<> metric 0 mtu 1460
              syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
      pflog0: flags=100<PROMISC> metric 0 mtu 33200
      enc0: flags=0<> metric 0 mtu 1536
      bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
              ether 4a:17:42:20:9d:1e
              id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
              maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
              root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
              member: ovpns1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                      ifmaxaddr 0 port 8 priority 128 path cost 2000000
              member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                      ifmaxaddr 0 port 2 priority 128 path cost 2000000
      ovpns1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
              options=80000<LINKSTATE>
              ether 00:bd:b8:3e:00:01
              inet6 fe80::2bd:b8ff:fe3e:1%ovpns1 prefixlen 64 scopeid 0x8
              nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
              Opened by PID 13857
      tun1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
              options=80000<LINKSTATE>

      Server Log

      May 23 10:55:29 openvpn[58493]: djackson/75.100.124.99:5892 send_push_reply(): safe_cap=960
      May 23 10:55:27 openvpn: user djackson authenticated
      May 23 10:55:27 openvpn: : Logged in successfully as djackson via LDAP server Dougs_LDAP with DN = uid=djackson,ou=people,dc=tcsbasys,dc=com.
      May 23 10:55:27 openvpn: : Now Searching in server Dougs_LDAP, container ou=people,dc=tcsbasys,dc=com with filter (uid=djackson).
      May 23 10:55:27 openvpn: : Now Searching for djackson in directory.
      May 23 10:55:26 openvpn: Found certificate /C=US/ST=Wisconsin/L=Middleton/O=TCS_Basys/emailAddress=djackson@tcsbays.com/CN=User-ca with depth 0
      May 23 10:55:26 openvpn: Found certificate /C=US/ST=Wisconsin/L=Middleton/O=TCS_Basys/emailAddress=djackson@tcsbays.com/CN=VPN-ca with depth 1
      May 23 10:54:06 openvpn[58493]: djackson/75.100.124.90:5892 send_push_reply(): safe_cap=960
      May 23 10:54:05 openvpn: user djackson authenticated
      May 23 10:54:05 openvpn: : Logged in successfully as djackson via LDAP server Dougs_LDAP with DN = uid=djackson,ou=people,dc=tcsbasys,dc=com.
      May 23 10:54:05 openvpn: : Now Searching in server Dougs_LDAP, container ou=people,dc=tcsbasys,dc=com with filter (uid=djackson).
      May 23 10:54:05 openvpn: : Now Searching for djackson in directory.
      May 23 10:54:04 openvpn: Found certificate /C=US/ST=Wisconsin/L=Middleton/O=TCS_Basys/emailAddress=djackson@tcsbays.com/CN=User-ca with depth 0
      May 23 10:54:04 openvpn: Found certificate /C=US/ST=Wisconsin/L=Middleton/O=TCS_Basys/emailAddress=djackson@tcsbays.com/CN=VPN-ca with depth 1

      Client Conf

      dev tap
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      tls-client
      client
      resolv-retry infinite
      remote 74.91.109.99 1194
      tls-remote User-ca
      auth-user-pass
      pkcs12 pfsense-udp-1194.p12
      tls-auth pfsense-udp-1194-tls.key 1
      comp-lzo

      Client Log

      nin@Bushi /etc/openvpn $ sudo openvpn --config pfsense-udp-1194.ovpn
      [sudo] password for ronin:
      Wed May 23 10:39:52 2012 OpenVPN 2.1.0 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
      Enter Auth Username:djackson
      Enter Auth Password:
      Wed May 23 10:39:58 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
      Wed May 23 10:39:58 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
      Wed May 23 10:39:58 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
      Wed May 23 10:39:58 2012 WARNING: file 'pfsense-udp-1194.p12' is group or others accessible
      Wed May 23 10:39:58 2012 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
      Wed May 23 10:39:58 2012 WARNING: file 'pfsense-udp-1194-tls.key' is group or others accessible
      Wed May 23 10:39:58 2012 Control Channel Authentication: using 'pfsense-udp-1194-tls.key' as a OpenVPN static key file
      Wed May 23 10:39:58 2012 LZO compression initialized
      Wed May 23 10:39:58 2012 UDPv4 link local (bound): [undef]
      Wed May 23 10:39:58 2012 UDPv4 link remote: [AF_INET]74.91.109.99:1194
      Wed May 23 10:39:58 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
      Wed May 23 10:39:59 2012 [User-ca] Peer Connection Initiated with [AF_INET] 74.91.109.99:1194
      Wed May 23 10:40:01 2012 TUN/TAP device tap0 opened
      Wed May 23 10:40:01 2012 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
      Wed May 23 10:40:01 2012 Initialization Sequence Completed
